php – Why is using Sessions not a good alternative for authentication?


I see some discussions saying that using "Sessions" is not scalable, but since I don't have experience with projects big enough to realize this yet, I don't know how it works.


There is no problem with sessions. The problem may be that initially the session data is stored in local files, so if you want to have several web servers for the same site, you may have problems with the session on one server not being seen on another server.

But this can be improved by replacing the "session handler" functions to store the data on a server that can be accessed by multiple servers, for example using memcached or even MySQL tables stored in memory using the HEAP type.

You can override the "session handler" functions using the session_set_save_handler function. Here's an example of how to change functions to store session data in MySQL tables that even manages to clear expired sessions or even specific user sessions.

